kevdoran/knox-plus-certs.efm.properties

## knox-plus-certs.efm.properties
# Example EFM Config
# Web UI users authenticate using Knox SSO
# MiNiFi Agents authenticate using two-way TLS with client certificates

# Web Server TLS Properties
efm.server.ssl.enabled=true
efm.server.ssl.keyStore=./conf/keystore.jks
efm.server.ssl.keyStoreType=jks
efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
efm.server.ssl.keyPassword=yourKeyPasswordHere
efm.server.ssl.trustStore=./conf/truststore.jks
efm.server.ssl.trustStoreType=jks
efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
efm.server.ssl.clientAuth=WANT

# Possible values for clientAuth are NONE, WANT, NEED
#  - NONE: Client never provides a certificate and is not authenticated.
#  - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
#  - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

# User Authentication Properties
# authentication via TLS mutual auth with client certificates
efm.security.user.certificate.enabled=true
# authentication via Knox SSO token passed in a cookie header
efm.security.user.knox.enabled=true
efm.security.user.knox.url=https://knox.mycompany.com:8443/gateway/knoxsso/api/v1/websso
efm.security.user.knox.publicKey=/path/to/knox-server-keystores/public-key.pem
efm.security.user.knox.cookieName=hadoop-jwt
#efm.security.user.knox.audiences=
# authentication via generic reverse proxy with user passed in a header
efm.security.user.proxy.enabled=false
efm.security.user.proxy.headerName=x-webauth-user
#efm.security.user.proxy.ipWhitelist=
#efm.security.user.proxy.dnWhitelist[0]=
	# Example EFM Config
	# Web UI users authenticate using Knox SSO
	# MiNiFi Agents authenticate using two-way TLS with client certificates

	# Web Server TLS Properties
	efm.server.ssl.enabled=true
	efm.server.ssl.keyStore=./conf/keystore.jks
	efm.server.ssl.keyStoreType=jks
	efm.server.ssl.keyStorePassword=yourKeyStorePasswordHere
	efm.server.ssl.keyPassword=yourKeyPasswordHere
	efm.server.ssl.trustStore=./conf/truststore.jks
	efm.server.ssl.trustStoreType=jks
	efm.server.ssl.trustStorePassword=yourTrustStorePasswordHere
	efm.server.ssl.clientAuth=WANT

	# Possible values for clientAuth are NONE, WANT, NEED
	# - NONE: Client never provides a certificate and is not authenticated.
	# - WANT: Server will ask for a client certificate, but will accept connections from clients without certificates.
	# - NEED: Server will require a client certificate, and will refuse connections for clients without trusted certificates.

	# User Authentication Properties
	# authentication via TLS mutual auth with client certificates
	efm.security.user.certificate.enabled=true
	# authentication via Knox SSO token passed in a cookie header
	efm.security.user.knox.enabled=true
	efm.security.user.knox.url=https://knox.mycompany.com:8443/gateway/knoxsso/api/v1/websso
	efm.security.user.knox.publicKey=/path/to/knox-server-keystores/public-key.pem
	efm.security.user.knox.cookieName=hadoop-jwt
	#efm.security.user.knox.audiences=
	# authentication via generic reverse proxy with user passed in a header
	efm.security.user.proxy.enabled=false
	efm.security.user.proxy.headerName=x-webauth-user
	#efm.security.user.proxy.ipWhitelist=
	#efm.security.user.proxy.dnWhitelist[0]=